GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
407 advisories
An authenticated attacker with the Resource Administrator or Administrator role can modify...
High
Unreviewed
CVE-2026-40631
was published
May 13, 2026
A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource...
Moderate
Unreviewed
CVE-2026-42063
was published
May 13, 2026
Files or directories accessible to external parties in Microsoft Office Word allows an...
Moderate
Unreviewed
CVE-2026-35440
was published
May 12, 2026
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized...
Moderate
Unreviewed
CVE-2026-32185
was published
May 12, 2026
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion...
Critical
Unreviewed
CVE-2026-31215
was published
May 12, 2026
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion...
Critical
Unreviewed
CVE-2026-31216
was published
May 12, 2026
Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`
High
CVE-2026-45088
was published
for
github.com/hahwul/dalfox/v2
(Go)
May 12, 2026
A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15...
High
Unreviewed
CVE-2026-39871
was published
May 11, 2026
Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4...
High
Unreviewed
CVE-2026-7817
was published
May 11, 2026
@axonflow/openclaw fix introduces plugin cache and credential-file permission hardening
Moderate
GHSA-cqmh-pcgr-q42f
was published
for
@axonflow/openclaw
(npm)
May 6, 2026
The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly...
Moderate
Unreviewed
CVE-2026-5335
was published
May 4, 2026
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its...
High
Unreviewed
CVE-2025-7389
was published
Apr 14, 2026
CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the...
Critical
Unreviewed
CVE-2019-25709
was published
Apr 12, 2026
A files or directories accessible to external parties vulnerability in Synology SSL VPN Client...
Moderate
Unreviewed
CVE-2021-47960
was published
Apr 10, 2026
OpenClaw: Self-Whitelisting in appendLocalMediaParentRoots Allows Arbitrary File Read & Credential Exfiltration
High
GHSA-57gh-m6rq-54cf
was published
for
openclaw
(npm)
Apr 3, 2026
FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
Critical
CVE-2026-34361
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.validation
(Maven)
Mar 30, 2026
Ruckus Access Point products contain an arbitrary file read vulnerability in the command-line...
Moderate
Unreviewed
CVE-2021-4474
was published
Mar 26, 2026
From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he...
High
Unreviewed
CVE-2026-4760
was published
Mar 25, 2026
SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes
Moderate
CVE-2026-32750
was published
for
github.com/siyuan-note/siyuan
(Go)
Mar 16, 2026
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that...
High
Unreviewed
CVE-2016-20025
was published
Mar 16, 2026
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0...
Moderate
Unreviewed
CVE-2025-66955
was published
Mar 12, 2026
TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction
Moderate
CVE-2026-29066
was published
for
@tinacms/cli
(npm)
Mar 12, 2026
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated...
High
Unreviewed
CVE-2018-25164
was published
Mar 6, 2026
An attacker may perform unauthenticated read and write operations on sensitive filesystem areas...
Critical
Unreviewed
CVE-2026-2331
was published
Mar 6, 2026
An attacker may access restricted filesystem areas on the device via the CROWN REST interface due...
Critical
Unreviewed
CVE-2026-2330
was published
Mar 6, 2026